Mitaka
Mitaka is a browser extension for OSINT (open source intelligence) search which can:
- Extract & refang IoCs (indicators of compromise) from a selected block of text.
- E.g.
example[.]com
toexample.com
,test[at]example.com
to[email protected]
,hxxp://example.com
tohttp://example.com
, etc. - You can find all the refang techniques at here.
- E.g.
- Search / scan it on various engines.
- E.g. VirusTotal, urlscan.io, Censys, Shodan, etc.
Install
Features
Supported IoCs
name | desc. | e.g. |
---|---|---|
text | Freetext | any string(s) |
asn | ASN | AS13335 |
btc | BTC address | 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa |
cve | CVE number | CVE-2018-11776 |
domain | Domain name | github.com |
Email address | [email protected] |
|
eth | Ethereum address | 0x32be343b94f860124dc4fee278fdcbd38c102d88 |
gaPubID | Google Adsense Publisher ID | pub-9383614236930773 |
gaTrackID | Google Analytics Tracker ID | UA-67609351-1 |
hash | md5 / sha1 / sha256 | 44d88612fea8a8f36de82e1278abb02f |
ip | IPv4 address | 8.8.8.8 |
url | URL | https://github.com |
Supported search engines
name | url | supported types |
---|---|---|
AbuseIPDB | https://www.abuseipdb.com | ip |
AnyRun | https://app.any.run | hash |
apklab | https://apklab.io | hash (SHA256 only) |
archive.org | https://archive.org | url |
archive.today | http://archive.fo | url |
Auth0 | https://auth0.com | ip |
BGPView | https://bgpview.io | ip / asn |
BinaryEdge | https://app.binaryedge.io | ip / domain |
BitcoinAbuse | https://www.bitcoinabuse.com | btc |
BitcoinWhosWhos | https://bitcoinwhoswho.com | btc |
Blockchain.com | https://www.blockchain.com | btc |
Blockchair | https://blockchair.com | btc / eth |
BlockCypher | https://live.blockcypher.com | btc |
Censys | https://censys.io | ip / domain / asn / text |
crt.sh | https://crt.sh | domain |
DNSlytics | https://dnslytics.com | ip / domain |
DomainBigData | https://domainbigdata.com | ip / domain / email |
DomainTools | https://www.domaintools.com | ip / domain |
DomainWatch | https://domainwat.ch | domain / email |
EmailRep | https://emailrep.io | |
FOFA | https://fofa.so | ip / domain |
FortiGuard | https://fortiguard.com | ip / url / cve |
Google Safe Browsing | https://transparencyreport.google.com | domain / url |
GreyNoise | https://viz.greynoise.io | ip / domain / asn |
Hashdd | https://hashdd.com | ip / domain / hash |
Hurricane Electric | https://bgp.he.net/ | ip / domain / asn |
HybridAnalysis | https://www.hybrid-analysis.com | ip / domain / hash |
Intelligence X | https://intelx.io | ip / domain / url / email / btc |
Intezer | https://analyze.intezer.com | hash |
IPinfo | https://ipinfo.io | ip / asn |
IPIP | https://en.ipip.net | ip / asn |
Joe Sandbox | https://www.joesandbox.com | hash |
MalShare | https://malshare.com | hash |
Maltiverse | https://www.maltiverse.com | domain / hash |
MalwareBazaar | https://bazaar.abuse.ch | hash |
Malwares | https://www.malwares.com | hash |
NVD | https://nvd.nist.gov | cve |
OOCPR | https://data.occrp.org | |
ONYPHE | https://www.onyphe.io | ip |
OpenTIP | https://opentip.kaspersky.com | hash |
OTX | https://otx.alienvault.com | ip / domain / hash |
PublicWWW | https://publicwww.com | text |
Pulsedive | https://pulsedive.com | ip / domain / url / hash |
Radar | https://radar.cloudflare.com | ip / domain |
RiskIQ | http://community.riskiq.com | ip / domain / email / gaTrackID |
Robtex | https://www.robtex.com | ip / domain |
Scumware | https://www.scumware.org | ip / domain / hash (MD5 only) |
SecurityTrails | https://securitytrails.com | ip / domain / email |
Shodan | https://www.shodan.io | ip / domain / asn |
Sploitus | https://sploitus.com | cve |
SpyOnWeb | http://spyonweb.com | ip / domain / gaPubID / gaTrackID |
Spyse | https://spyse.com | ip / domain / asn |
Talos | https://talosintelligence.com | ip / domain |
ThreatConnect | https://app.threatconnect.com | ip / domain / email |
ThreatCrowd | https://www.threatcrowd.org | ip / domain / email |
ThreatMiner | https://www.threatminer.org | ip / domain / hash |
TIP | https://threatintelligenceplatform.com | ip / domain |
URLhaus | https://urlhaus.abuse.ch | ip / domain |
Urlscan | https://urlscan.io | ip / domain / asn / url |
ViewDNS | https://viewdns.info | ip / domain / email |
VirusTotal | https://www.virustotal.com | ip / domain / url / hash |
VMRay | https://www.vmray.com | hash |
Vulmon | https://vulmon.com | cve |
VulncodeDB | https://www.vulncode-db.com | cve |
VxCube | http://vxcube.com | ip / domain / hash |
WebAnalyzer | https://wa-com.com | domain |
X-Force Exchange | https://exchange.xforce.ibmcloud.com | ip / domain / hash |
ZoomEye | https://www.zoomeye.org | ip |
Supported scan engines
name | url | supported types |
---|---|---|
Browserling | https://www.browserling.com | url |
HybridAnalysis | https://www.hybrid-analysis.com | url |
Urlscan | https://urlscan.io | ip / domain / url |
VirusTotal | https://www.virustotal.com | url |
How to use
This browser extension shows context menus based on a type of IoC you selected and then you can choose what you want to search / scan on.
Examples:
Also, there is a how-to article about Mitaka which is written by Null Byte.
Note:
Please set your API keys in the options for enabling HybridAnalysis, urlscan.io and VirusTotal scans.
Options
You can enable / disable a search engine on the options page based on your preference.
About Permissons
This browser extension requires the following permissions.
Read and change all your data on the websites you visit
:- This extension creates context menus dynamically based on what you select on a website.
- It means this extension requires reading all your data on the websites you visit. (This extension doesn't change anything on the websites)
Display notifications
:- This extension makes a notification when something goes wrong.
I don't (and will never) collect any information from the users.
Privacy Policy
Alternatives or Similar Tools
- CrowdScrape
- Gotanda
- Sputnik
- ThreatConnect Integrated Chrome Extension
- ThreatPinch Lookup
- VTchromizer
Contribute
Read the contribution guide and join the contributors.